Heimstaden Bostad’s risk management objective is to maximise returns at acceptable risk levels without compromising the Company’s vision, values, or Code of Conduct. Heimstaden Bostad is exposed to a range of risks that may affect the business, thus it is of key importance to have a comprehensive risk management programme to optimise the risk/return balance.

Heimstaden Bostad gives high priority to risk management, and it is treated as a continuous process integrated into daily processes. We continuously evaluate and develop our risk management function and framework to ensure that we execute a value-add activity. This includes embedding risk management, designating risk ownership, and implementing risk responses throughout the organisation. The Audit & GRC Committee (A&GRC), established by the Board, oversees the framework and process.

The risk management process and framework in Heimstaden Bostad are based upon best practice and the international acknowledged standards of ISO and COSO. We strive to have a simple framework and process that is user-friendly, while also providing the desired risk information. The risk management process is iterative and can be summarised in the figure below.


Risk information is pulled together from all levels and processes to form an integrated view of the risk picture and ensure a consistent risk management effort across the organisation. The Risk Management function aggregates risks at three different levels; at countries of operation, at Group functional line, and across the whole Heimstaden Bostad portfolio (Group). The identified risks and risk responses for the Heimstaden Bostad portfolio overall are discussed in the Executive GRC Committee with Executive Management before it is presented to the Audit & GRC Committee and the Board.

Heimstaden Bostad's Risk Policy has been incorporated in our different countries of operation and functional lines. The Policy sets out key principles related to risk management to ensure that all foreseeable risks that may have an impact on Heimstaden Bostad’s operations and ambitions are evaluated and measured. All managers are required to assume responsibility for risk management within their areas of responsibility and to ensure that risk management is embedded in day-to-day business processes. Risks identified and evaluated by local operations and business areas are continuously tracked and reported regularly.

At Country level, Country Management is responsible for developing and maintaining its risk register on a regular basis. They provide quarterly updates to Group as part of a quarterly review process, which includes status on existing risks, the emergence of new risks, and the status on risk responses. The Country Management is required to align risk management processes closely with their existing business and management operations. We hold regular forums for the resources responsible for risk management in each country to facilitate the sharing of risk information across national borders and markets. 

At Group level, the Group Head of a functional line is responsible for developing and maintaining its risk register, at minimum, each quarter. In addition to formal and informal dialogue on risk topics, we conduct regular meetings between the Management of a functional line at both Group and Country to discuss the risks and risk responses of the respective functional line. This dialogue is called "Sibling dialogue ".